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DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments, see remarks, filed 24 April 2006, with respect to the 
rejection(s) of claim(s) 1-35 under Title 35 U.S.C. have been fully considered and are 
persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of newly found prior art 
reference(s). See rejections below. 



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
MeLampy et al. (2003/0051 130) and Bacha et al. (6,795,920). 

4. As per claim 1 , MeLampy et al. teaches a method in a router having at least one 
outbound interface (see MeLampy et al., ^ 5), the method comprising: establishing, on 
the outbound interface, a plurality of Internet Protocol (IP)-based secure connections 
with respective destinations based on receiving encrypted packets generated by a 
cryptographic module (see MeLampy et al., H 27), each encrypted packet successively 
output from the cryptographic module having a corresponding successively-unique 
sequence number (see MeLampy et al., 55); (2) reordering, in each queuing module, 
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a corresponding group of the data packets associated with the corresponding secure 
connection (see MeLampy et al., H 40) according to a determined quality of service 
policy (see MeLampy et al., H 36) and based on a corresponding assigned maximum 
output bandwidth for the corresponding queuing module (see MeLampy et al., H 34), 
and (3) outputting to the cryptographic module the group of data packets, from each 
corresponding queuing module according to the corresponding assigned maximum 
output bandwidth, for generation of the encrypted packets (see MeLampy et al., H 33- 
34); and second outputting the encrypted packets from the cryptographic module to the 
one outbound interface for transport via their associated secure connections (see 
MeLampy et al., H 57). But fails to teach controlling supply of data packets to the 
cryptographic module by: (1) assigning, for each secure connection, a corresponding 
queuing module. However, Bacha et al. teaches controlling supply of data packets to 
the cryptographic module by: (1) assigning, for each secure connection, a 
corresponding queuing module (see Bacha et al., col. 9, lines 45-48). It would have 
been obvious to one having ordinary skill in the art at the time of the invention to modify 
MeLampy et al. to controlling supply of data packets to the cryptographic module by: (1) 
assigning, for each secure connection, a corresponding queuing module in order to 
allow user processes running in dedicated vaults to communicate with other User 
processes running in different vaults using a secure depositor running as a module in a 
vault process in each vault (see Bacha et al., abstract). 

5. As per claim 10, MeLampy et al. teaches a router comprising: a cryptographic 
module configured for successively outputting encrypted packets having respective 
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successively-unique sequence numbers (see MeLampy et al., H 40); an outbound 
interface configured for establishing a plurality of Internet Protocol (IP)-based secure 
connections with respective destinations based on receiving respective streams of the 
encrypted packets (see MeLampy et al., H 27); each queuing module configured for: (I) 
outputting to the cryptographic module a corresponding group of the data packets 
associated with the corresponding secure connection, and according to a corresponding 
assigned maximum output bandwidth for the corresponding queuing module, for 
generation of the corresponding stream of the encrypted packets (see MeLampy et al., 
H 33-36), and (2) reordering the corresponding group of the data packets according to a 
determined quality of service policy and the corresponding assigned maximum output 
bandwidth (see MeLampy et al., H 61). But fails to teach a queue controller configured 
for controlling supply of data packets to the cryptographic module, the queue controller 
configured for assigning, for each secure connection, a corresponding queuing module. 
However, Bacha et al. teaches a queue controller configured for controlling supply of 
data packets to the cryptographic module, the queue controller configured for assigning, 
for each secure connection, a corresponding queuing module (see Bacha et al., col. 9, 
lines 45-48). It would have been obvious to one having ordinary skill in the art at the 
time of the invention to modify MeLampy et al. to a queue controller configured for 
controlling supply of data packets to the cryptographic module, the queue controller 
configured for assigning, for each secure connection, a corresponding queuing module 
in order to allow user processes running in dedicated vaults to communicate with other 
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User processes running in different vaults using a secure depositor running as a module 
in a vault process in each vault (see Bacha et al., abstract). 

6. Claims 2-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
MeLampy et al. and Bacha et al. as applied to claim 1 above, and further in view of 
Young et al. (2003/0093563). 

7. As per claim 2, MeLampy et al. and Bacha et al. teach the mentioned limitations 
of claim 1 above but fail to teach a method, wherein the reordering step includes, in 
each queuing module, reordering the corresponding group of the data packets 
according to the determined quality of service policy in response to detection of a 
congestion condition in the outbound interface. However, Young et al. teaches a 
method, wherein the reordering step includes, in each queuing module, reordering the 
corresponding group of the data packets according to the determined quality of service 
policy in response to detection of a congestion condition in the outbound interface (see 
Young et al., H 9). It would have been obvious to one having ordinary skill in the art at 
the time of the invention to modify MeLampy et al. and Bacha et al. to a method, 
wherein the reordering step includes, in each queuing module, reordering the 
corresponding group of the data packets according to the determined quality of service 
poliey-in response-to deteetion-of a congestion-condition in the outbound inteTface"in 
order to implement a complete customer premise solution that enables secure, reliable 
and manageable delivery of voice, video and data services over common IP 
connections (see Young et al., ^ 2). 
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8. As per claims 3-9, the above-mentioned motivation of claim 2 applies fully in 
order to combine MeLampy et al., Bacha et al. and Young et al. 

9. As per claim 3, MeLampy et al. and Bacha et al.-Young et al. teach a method, 
wherein the reordering step includes, in each queuing module: establishing a plurality of 
queues having respective identified priorities (see Young et al., paragraph 0051); 
storing each data packet associated with the corresponding secure connection in one of 
the queues based on a corresponding identified priority for said each data packet (see 
Young et al., paragraph 0019); and selectively outputting the stored data packets from 
the queues, according to the corresponding quality of service policy (see Young etal., 
paragraph 0009). 

10. As per claim 4, MeLampy et al. and Bacha et al.-Young et al. teach a method, 
wherein: the establishing step includes establishing, on each of a plurality of the 
outbound interfaces (see Young et al., paragraph 0080), a corresponding plurality of the 
secure corrections with a corresponding plurality of respective destinations based on 
receiving a corresponding stream of encrypted packets from the cryptographic module 
(see Young et al., paragraph 0082); the controlling step includes controlling the supply 
of data packets, for each outbound interface, from the cryptographic module based on 
repeating the assigning, reordering, and outputting steps for each of the secure 

^connections (see Young et al, T paragraph 01 50)rthe second outputting step including 
outputting each encrypted packet to a corresponding one of the outbound interfaces 
according to a routing decision executed by the router (see Young et al., paragraph 
0098). 
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11. As per claim 5, MeLampy et al. and Bacha et al.-Young et al. teach a method, 
wherein the second outputting step includes outputting the encrypted packets for 
transport via their associated secure connections according to IP Security (IPSEC) 
protocol (see Young et al., paragraph 0123). 

12. As per claim 6, MeLampy et al. and Bacha et al.-Young et al. teach a method, 
wherein the determined quality of service policy implements a guaranteed quality of 
service for one of a video stream and an audio stream (see Young et al., paragraph 
0053). 

1 3. As per claim 7, MeLampy et al. and Bacha et al.-Young et al. teach a method, 
wherein the audio stream is a Voice over IP media stream (see Young et al., paragraph 
0053). 

14. As per claim 8, MeLampy et al. and Bacha et al.-Young et al. teach a method, 
wherein the controlling step further includes obtaining, for each queuing module, the 
corresponding assigned maximum output bandwidth from a configuration register (see 
Young et al., paragraph 0051). 

15. As per claim 9, MeLampy et al. and Bacha et al.-Young et al. teach a method, 
wherein the controlling step further includes negotiating, for at least one queuing 
module, the corresponding assigned maximum output bandwidth with the corresponding 
destination (see-Young et aL, paragraphs 0085-0087): 

16. Claims 1 1-35 have similar limitations as to claims 1-10, therefore, they are being 
rejected under the same rationale. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ranodhi Serrao whose telephone number is (571)272- 
7967. The examiner can normally be reached on 8:00-4:30pm, M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on (571)272-3880. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




